
Daily Open Source Infrastructure Report 

2 January 2014 



Top Stories 

• Researchers reported finding a piece of malware that can be loaded onto a USB drive and 
used to reboot an ATM and cause it to dispense cash. - Softpedia (See item 2) 

• A mile-long train carrying crude oil derailed and exploded after colliding with a second 
train in Casselton, North Dakota, December 30, causing an evacuation of residents within 5 
miles. - NBC News (See item 4) 

• A former Oklahoma City-based doctor was arrested on nine counts of murder and other 
charges after eight patients died of prescription drug overdoses and another allegedly 
caused a fatal traffic accident. - Associated Press (See item 11) 

• Researchers found that the Microsoft Windows Error Reporting feature sends sensitive 
computer system information without encryption, potentially allowing attackers to profile 
and target machines and networks. - Dark Reading (See item 17) 
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Energy Sector 



1. December 30, Arizona Republic - (New Mexico) APS closes 3 units at 4 Corners 
power plant. The Arizona Public Service Co. closed three coal-fired generators 
December 30 at its Four Corners Power Plant near Farmington, New Mexico, as part of 
its $182 million plan to meet environmental regulations. The utility purchased a larger 
stake at Units 4 and 5, which will remain open at the plant. 

Source: http://www.azcentral.com/business/consumer/articles/20131230aps-closes- 
units-comers-power-plant.html 

For another story, see item 4 
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Chemical Industry Sector 

Nothing to report 
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Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 
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Critical Manufacturing Sector 

Nothing to report 
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Defense Industrial Base Sector 



Nothing to report 
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Financial Services Sector 

2. December 30, Softpedia - (International) Malware on USB drives used to empty 
ATMs. Researchers presenting at the Chaos Communication Congress reported that 
they discovered a piece of malware that can be loaded onto a USB drive and used to 
reboot an ATM, cut its network connection, and cause it to dispense cash. The method 
of attack and design of the malware suggests that the authors of the malware had 
detailed knowledge of ATMs. 
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Source: http://news.softpedia.com/news/Malware-on-USB-Drives-Used-to-Empty- 
ATMs-412966.shtml 



3. December 30, Boston Business Journal - (National) Bay State man faces charges in 
loan modification scam. Ten individuals from several States were charged for 
allegedly operating a fraudulent loan modification scheme based in Florida that 
collected more than $7 million in fees from over 2,000 distressed homeowners. 

Source: http://www.bizioumals.com/boston/real estate/201 3/1 2/MA-man-faces- 
charges-in-loan-mod-scam.html 
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Transportation Systems Sector 

4. December 31, NBC News - (North Dakota) Mile-long train carrying crude oil 
derails, explodes in North Dakota. A mile-long train carrying crude oil derailed and 
exploded after colliding with a second train hauling grain that had also derailed in 
Casselton, North Dakota, December 30. Officials encouraged residents living within 5 
miles of the accident to evacuate due to hazardous smoke after nearly 10 rail cars were 
fully engulfed in flames. 

Source: http://usnews.nbcnews.com/ news/2013/12/30/22113442-mile-long-train- 
carrying-crude-oil-derails-explodes-in-north-dakota?lite 

5. December 31, Munster Times of Northwest Indiana - (Indiana) Northbound 1-65 at 

Ridge: Two crashes, fire, hours of lane closures. Two crashes involving 5 semi- 
trucks and one vehicle left one person injured and closed all lanes on Interstate 65 in 
Gary, Indiana, for more than 8 hours December 31. 

Source: http://www.nwitimes.com/news/local/lake/gary/one-lane-reopens-after-fiery- 
crash-closes-northbound- i -/article b7bbd()76-4adb-588b-83 !4-e70425 lebggj .html 

6. December 31, WJLA 7 Washington, D.C. - (Washington, D.C.) 1-295 fatal crash: 
Northbound lanes reopened. Northbound lanes of Interstate 295 between 
Pennsylvania Avenue and East Capitol Street were closed for 8 hours December 30 
after a fatal crash in Washington, D.C. that left one person dead. 

Source: http://www.wila.com/articles/2013/12/i-295-fatal-crash-closes-northbound- 
lanes-98693.html 

7. December 30, Birmingham News - (Alabama) Interstate 65 lanes reopen after car 
going wrong way collides with 18-wheeler. A woman driving in the wrong direction 
on Interstate 65 northbound in Birmingham struck a semi-truck head-on December 30, 
causing a fuel spill that closed two northbound lanes and the on-ramp from University 
Boulevard for 5 hours. 

Source: http://blog.al.com/spotnews/2013/12/interstate 65 north 18-wheeler.html 
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Food and Agriculture Sector 



8. December 30, Food Poisoning Bulletin - (New York) ZIP International recalls 
herring for Listeria. Again. ZIP International recalled its FOSFOREL Herring Fillet 
in Oil December 30 due to the possibility of contamination with Listeria 
monocytogenes. This incident marks the eighth recall for the same product in 21 
months. 

Source: http://foodpoisoningbulletin.com/2013/zip-intemational-recalls-herring-for- 
listeria-again/ 
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Water and Wastewater Systems Sector 

9. December 30, Associated Press - (Iowa) Boil advisory issued in Le Grand after 
water main break. A boil advisory notice was issued by the Iowa Department of 
Natural Resources for the city of Le Grand December 30 after a water main break 
potentially contaminated water. 

Source: http://www.kcrg.com/news/local/Boil-Advisory-Issued-in-Le-Grand-After- 
Water-Main-Break-238028321.html 
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Healthcare and Public Health Sector 

10. December 30, Denver Post - (Colorado) Poudre Valley Hospital patients possibly 
exposed to hepatitis C. Poudre Valley Hospital in Port Collins sent letters December 
30 urging 210 patients who received IV painkillers between September 2011 and 
August 2012 to get tested for hepatitis C after the hospital discovered an infected 
former employee used needles to divert painkillers for personal use. 

Source: http://www.denverpost.com/news/ci 248 1 8 190/poudre-valley-hospital- 
patients-possibly-exposed-hepatitis-c 

11. December 30, Associated Press - (Oklahoma) Okla. agents seize doctor’s records 
after deaths. A former Oklahoma City-based doctor was arrested on nine counts of 
murder and other charges after eight patients died of prescription drug overdoses and 
another allegedly caused a fatal traffic accident. Authorities seized records from the 
doctor’s former clinic and believe he prescribed over 12,000 controlled dangerous 
substance prescriptions during the time he was under investigation. 

Source: http://www.washingtonpost.com/national/okla-agents-seize-doctors-records- 
after-deaths/20 13/1 2/30/ 1 d7 690d6-7 1 ae- 1 1 e3-bc6b-7 1 2d7 70c37 1 5 story.html 

Lor another story, see item 13 
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Government Facilities Sector 



12. December 31, Kennebec Journal - (Maine) Oil spill keeps Oxford County school 
closed. Hebron Station School in Oxford County, Maine, remained closed after a 
December 24 oil spill that seeped into the ground during a heating oil delivery to the 
school. Ground and air tests will determine if the school will reopen the week of 
January 6. 

Source: 

http://www.kionline.com/news/Oil spill keeps Oxford County school closed .html 

13. December 31, Miami Herald - (Florida) Barry University notifies patients records 
may have been hacked. Barry University in Florida notified patients of its Foot and 
Ankle Institute December 30 that their medical records and personal information may 
have been hacked after a security breach was detected May 14 on a school-owned 
laptop. The university has since removed the infection from their network after 
discovering the malware on the laptop. 

Source: http://www.miarniherald.com/2013/12/31/3845178/barrv-universitv-to-notifv- 
patients.html 

14. December 30, WDAF 4 Kansas City - (Kansas) Johnson County Courthouse given 
‘all clear’ after bomb threat. The Johnson County Courthouse in Olathe was 
evacuated and closed December 30 after a phoned-in bomb threat. Police cleared the 
scene after nothing suspicious was found and the courthouse was scheduled to reopen 
December 3 1 . 

Source: http://fox4kc.com/2013/12/30/iohnson-county-courthouse-evacuated-after- 
bomb-threat/ 
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Emergency Services Sector 

15. December 31, Warren Times Observer - (Pennsylvania) Four staffers injured in 
Abraxas riot. A riot at the Abraxas juvenile detention and treatment center in Forest 
County, Pennsylvania, December 28 involving as many as 11 juveniles left 4 staff 
members with injuries after the group became disorderly during free time in the 
facility’s gymnasium. 

Source: http://www.timesobserver.com/page/content.detail/id/568459/Four-staffers- 
iniured-in-Abraxas-riot.html?nav=5006 

16. December 30, Associated Press - (California) 6 arrested in Calif, police 
impersonation prank. The Riverside County Sheriffs Department arrested three girls 
and three boys accused of posing as southern California police officers. The individuals 
demanded people step out of their vehicles by using megaphones and high-powered 
flashlights and ordered the victims to lie face down on the pavement while they drove 
away. 

Source: http://news.msn.com/crime-iustice/6-arrested-in-calif-police-impersonation- 
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prank 



[Return to top ] 

Information Technology Sector 

17. December 31, Dark Reading - (International) Windows crash reports open to 
hijacking. Researchers at Websense Security Labs found that the Microsoft Windows 
Error Reporting feature sends sensitive system information without encryption, 
potentially allowing attackers to profile and target machines and networks. 

Source: http://www.darkreading.com/vulnerabilitv/windows-crash-reports-open-to- 
hiiacking/240165072 

18. December 31, BBC News - (International) Hackers knock League of Legends offline. 
A hacktivist group claimed responsibility for using distributed denial of service (DDoS) 
attacks against servers belonging to popular online game League of Legends, bringing 
the game service down for several hours December 31. The group also caused 
interruptions on other gaming services and leaked a specific user’s personal 
information, which led to a false report that summoned armed police to the user’s 
home. 

Source: http://www.bbc.co.uk/news/technology-25559048 

19. December 30, Softpedia - (International) 4 vulnerabilities fixed in MyBB 1.6.12. The 
developers of MyBB released the latest version of the software which closes 4 
vulnerabilities and 10 functionality issues. 

Source: http://news.softpedia.com/news/4-Vulnerabilities-Lixed-in-MvBB-l-6-12- 
412842.shtml 

20. December 30, Threatpost - (International) OpenSSL website defaced; code 
repositories untouched. OpenSSL confirmed December 29 that a hacktivist group that 
defaced the organization’s Web site did not gain access to its source repositories. 
OpenSSL is continuing to investigate the incident. 

Source: http://threatpost.com/openssl-website-defaced-code-repositories- 
untouched/1 03341 



Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 

Nothing to report 
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Commercial Facilities Sector 

21. December 30, Associated Press - (Florida) Man shoots woman at Fla. restaurant: 
Police. A man shot and killed a woman in an Applebee’s restaurant in Jacksonville 
December 29 and was detained by customers until police arrived. Police continue to 
investigate the incident. 

Source: http://news.msn.com/crime-iustice/man-shoots-woman-at-fla-restaurant-police 

22. December 30, Battle Creek Enquirer - (Michigan) Firefighters evacuate Battle Creek 
building before collapse. A four-story building in downtown Battle Creek that housed 
a sports bar suffered roof and wall collapses in a fire December 30. No injuries were 
reported. 

Source: http://www.wzzml3.com/news/article/277 107/2/Firefighters-evacuate-Battle- 
Creek-building-before-collapse 

23. December 30, WLUK 11 Green Bay - (Wisconsin) Electrical fire damages part of the 
Ephraim Inn. Seven fire departments responded December 30 to an accidental 
electrical fire that damaged 10 units of the Ephraim Inn bed & breakfast in Door 
County, Wisconsin. No injuries were reported. 

Source: http://www.foxl lonline.com/news/local/lakeshore/fire-at-ephraim-inn-in-door- 
county-monday-dec-30-2013 

24. December 29, Rockford Register Star - (Illinois) ‘Smell of wet taxidermy’ keeps 
crew busy at post-flood Burpee Museum in Rockford. A water pipe that broke at the 
Burpee Museum of Natural History in Rockford sometime between December 23 and 
December 26 damaged over 200 artifacts. The museum reopened December 28. 

Source: http ://w w w.rrstar . com/article/20 131 229/NEW S/131229634 
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Dams Sector 



Nothing to report 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 



About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US -CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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